On 03/22/2010 03:10 PM, Daniel P. Berrange wrote:
This isn't necessarily libvirt's problem if it's mission is to provide a common hypervisor API that covers the most commonly used features.
That is more or less our current mission. If this mission leads to QEMU creating a non-libvirt based API& telling people to use that instead, then I'd say libvirt's mission needs to change to avoid that scenario ! I strongly believe that libvirt's strategy is good for application developers over the medium to long term. We need to figure out how to get rid of the short term pain from the feature timelag, rather than inventing a new library API for them to use.
Well that's certainly a good thing :-)
However, for qemu, we need an API that covers all of our features that people can develop against. The ultimate question we need to figure out is, should we encourage our users to always use libvirt or should we build our own API for people (and libvirt) to consume.
I don't think it's necessarily a big technical challenge for libvirt to support qemu more completely. I think it amounts to introducing a series of virQemuXXXX APIs that implement qemu specific functions. Over time, qemu specific APIs can be deprecated in favour of more generic virDomain APIs.
Stepping back a bit first, there are the two core areas in which people can be limited by libvirt currently.
1. Monitor commands 2. Command line flags
Ultimately, IIUC, you are suggesting we need to allow arbitrary passthrough for both of these in libvirt.
At the libvirt level, we have 3 core requirements
1. The XML format is extend only (new elements allowed, or add attributes or children to existing elements) 2. The C library API is append only (new symbols only) 3. The RPC wire protocol is append only (maps 1-1 to the C API generally)
We have a slightly different mentality within QEMU I think. Here's roughly how I'd characterize our guarantees. 1. For any two versions of QEMU, we try to guarantee that the same VM, as far as the guest sees it, can be created. 2. We tend to avoid changing command line syntax unless the syntax was previously undefined. 3. QMP supports enumeration and feature negotiation. This enables a client to discover which functions are supported. 4. We try to maintain monitor interfaces but provide no guarantees of compatibility.
The core question for us as libvirt developers is how we could support QEMU specific features that may change arbitrarily, without it impacting on our ability to maintain these 3 requirements for the non-hypervisor specific APIs.
We don't ever want to be in a situation where a QEMU specific API will require us to change the soname of the main libvirt library, or introduce incompatible wire protocol changes. If we were to introduce QEMU specific APIs, we also need a way to easily remove those over time, as& when we have them available as generic APIs.
At the C API level, this to me suggests that we'd want to introduce a separate libvirt-qemu.so library for the QEMU specific APIs. This library would not have the same requirements of fixed long term ABI that the main libvirt.so did. We'd add QEMU APIs to libvirt-qemu.so any time needed, but remove them when the equivalent functionality were in libvirt.so, and increment the soname of libvirt-qemu.so at that point.
How different is having a libvirt-qemu.so from having a libqemu.so that libvirt.so uses? Practically speaking, if libvirt-qemu.so uses a separate XML namespace, does the fact that we use a different config format matter since you can transform our config format to XML and vice versa? I think the problem is, if libvirt.so introduces a common API, removing it from libvirt-qemu.so is burdensome to an end-user. For someone designing a QEMU specific management application, why should they have to update their implementation to a common API that they'll never use?
At the wire protocol level, the protocol allows us to support multiple versioned protocols in parallel over the same data stream. So again there, we could define a sub-protocol for QEMU specific features for which we don't provide the indefinite ABI compatability.
Finally the XML format is "easy" - just have a versioned XML namespace for extra pieces, that's distinct from the default namespace, again without the permanent long term compatability guarentees.
There are, however, some bits that are unlikely to work when QEMU is under libvirt. Specifically any of the device backends that use stdio (eg, -serial stdio, or the ncurses graphics), simply because all libvirt spawned VMs are fully daemonized& so stdio is /dev/null
This seems fixable with //session.
Other items are hard, but not entirely impossible to solve. eg, any use of the 'script=' arg for -net devices doesn't work, because libvirt clears all capabilities from the QEMU process so it'll be lacking CAP_NET_ADMIN which most TAP device setup scripts in fact need.
Some parts of the C library/wire protocol here are related to another feature I'd like to introduce for libvirt, namely a administrative library. eg a API to configure and manage the libvirtd daemon itself on the fly. This could easily hook into the wire protocol, but live as a separate libvirt-daemon.so library API in similar way to what I suggest for QEMU specific API
What's the feeling about this from the libvirt side of things? Is there interest in support hypervisor specific interfaces should we be looking to provide our own management interface for libvirt to consume?
Adding yet another library in the stack isn't really going to solve the problem from the POV of libvirt users, but rather fork the community effort which I imagine we'd all rather avoid. Having to tell people to switch to a different library API to get access to a specific feature is a short term win, but with a significant long term cost/burden. This means we really do need to figure out how to better/fully support QEMU's features in libvirt, removing the feature timelag pain.
I think what we need to do is find a way to more tightly integrate the QEMU and libvirt communities in such a way that when a patch was submitted against QEMU adding a new feature, we could ask that that feature was implemented in libvirt. I see two ways to do this. One would be for libvirt to have a libvirt.so and libvirt-qemu.so. The QEMU community would have to be much more heavily involved in libvirt-qemu.so and it probably suggests that libvirt-qemu.so should follow our release cycle. libvirt would have to support using either libvirt.so or libvirt-qemu.so for it's users. The alternative would be for the QEMU community to produce a libqemu.so and for libvirt.so to consume libqemu.so. The libvirt community ought to be heavily engaged in the development of libqemu.so and certainly, shared maintainership would be appropriate. A user using libvirt.so should see guests created with either libqemu.so or libvirt.so although libqemu.so would provide weaker long term compatibility guarantees (but more features). I think both approaches are technically workable. The question is which is the most appealing to both communities and which requires the least development effort. At a high level, I think libqemu.so would require a heavy refactoring of the qemu libvirt driver. Guest enumeration would have to be handled by qemu and libvirt would need to support translating qemu's config format to an XML format. It would also need to translate the qemu XML format into it's own XML format relying on an xmlns to support the features that are not currently supported by the common hypervisor API. The advantage though would be that any qemu instance launched would be visible to libvirt and libvirt tooling. libvirt-qemu.so would require less change to the qemu driver in libvirt but would require some awkwardness in terms of translating a guest config to an XML config. Some of the concepts that qemu supports (like running a guest as non-privileged user using stdio) would be difficult to support. Regards, Anthony Liguori Regards, Anthony Liguori
Regards, Daniel